Need your help, guys....
My httpd server regularly gets requests from various IP addresses all over the
world, but the requests are quite weird...
The log says...
203.229.148.163 - - [15/Aug/2001:09:58:09 -0800] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX X
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9
0 9
0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b0
0 % u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 164
Anyway... I have a feeling it's trying a buffer overflow to then overwrite some
parts of the web server software...
Questions:
1. Is it some kind of hacking?
2. How do I stop it?
3. Is it Code Red?
Thanks.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
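
An added example, not part of the original post: a small Python filter that picks requests shaped like the one logged above (a `.ida` path, a long run of one filler character, `%uXXXX` escapes) out of a Common Log Format access log and counts them per source host, keeping the status code so you can see how the server answered. The sample lines, the addresses in them and the 100-character threshold are constructed for illustration, and the match is on request shape rather than on the letter X.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \S+$')
FILLER = re.compile(r'(.)\1{99,}')        # one character repeated 100+ times (assumed threshold)
UENC = re.compile(r'%u[0-9a-fA-F]{4}')    # %uXXXX escapes, as in the logged request

def classify(line):
    """Return details for an overlong .ida request, or None for anything else."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, when, request, status = m.groups()
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    path, _, query = parts[1].partition("?")
    if not path.lower().endswith(".ida"):
        return None
    run = FILLER.search(query)
    escapes = len(UENC.findall(query))
    if run is None and escapes == 0:
        return None          # an ordinary .ida request, not the pattern above
    return {"host": host, "time": when, "status": int(status),
            "filler": run.group(1) if run else None,
            "filler_len": len(run.group(0)) if run else 0,
            "uenc_escapes": escapes}

def summarize(lines):
    """Count matching requests per source host."""
    hits = [h for h in map(classify, lines) if h]
    return Counter(h["host"] for h in hits)

# Constructed sample log (documentation addresses, shortened payload tail)
TAIL = "%u9090%u6858%ucbd3%u7801%u00=a"
SAMPLE = [
    '192.0.2.10 - - [15/Aug/2001:09:58:09 -0800] "GET /default.ida?%s%s HTTP/1.0" 404 164' % ("X" * 224, TAIL),
    '192.0.2.10 - - [15/Aug/2001:10:02:41 -0800] "GET /default.ida?%s%s HTTP/1.0" 404 164' % ("X" * 224, TAIL),
    '198.51.100.7 - - [15/Aug/2001:10:05:13 -0800] "GET /default.ida?%s%s HTTP/1.0" 404 164' % ("N" * 224, TAIL),
    '203.0.113.5 - - [15/Aug/2001:10:06:00 -0800] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for host, count in summarize(SAMPLE).most_common():
        print(host, count)
```

To run it over a real log, pass the open file to `summarize()` in place of `SAMPLE`.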